1. Datasets for defining NFT-related contract defects.
2. Tool NFTGuard for detecting NFT contract defects.
- Python >= 3.6.
- evm >= 1.10.21. Download version 1.10.21 (tested) from go-ethereum and add the executable binaries to $PATH.
wget https://gethstore.blob.core.windows.net/builds/geth-alltools-linux-amd64-1.10.21-67109427.tar.gz
tar -zxvf geth-alltools-linux-amd64-1.10.21-67109427.tar.gz
cp geth-alltools-linux-amd64-1.10.21-67109427/evm /usr/local/bin/ # $PATH
- solc. We recommend solc-select to manage Solidity compiler versions.
pip3 install solc-select
- Python dependencies installation.
pip3 install -r requirements.txt
- Or you can build or pull the docker image.
docker build -t nftdefects:local . # local build
docker pull ghcr.io/nftdefects/nftdefects:latest # remote pull
To test one Solidity file, use -cnames to specify the contract name.
python3 tool.py -s test/token.sol -cnames token -j -glt 200 -ll 100 -dl 500
To test a specific function, use -fselector to specify the function selector (the -as option is provided for automatic solc version switching).
python3 tool.py -s test/toadz.sol -cnames CreatureToadz -fselector 40c10f19 -as
For a Solidity project (supports the newest version of the crytic-compile toolset), remember to use remapping to link external libraries (openzeppelin, etc.).
python3 tool.py -s "path/to/.sol" -rmp "remapping/import_lib/path" -cnames "contract name"
# example
python3 tool.py -s test/8liens/contracts/8liens/8liensMinter.sol -rmp erc721a=test/8liens/erc721a @openzeppelin=test/8liens/@openzeppelin -cnames \$8liensMinter -ll 50 -glt 60
Other utilities: a contract/project source code crawler for Etherscan that preserves the complete code structure. See crawler.py. It helps recover the original structure of DApp contracts so they can be fed into NFTGuard with a remap configuration.
python3 crawl.py --dir ./0x --caddress 0x # 0x is the contract address
Usage in the NFTGuard CLI.
python3 tool.py -caddress 0xa4631a191044096834ce65d1ee86b16b171d8080 -cnames CreatureToadz -fselector 40c10f19
For the docker image, run with the following command.
docker run -v test:/NFTGuard/test ghcr.io/nftdefects/nftdefects:latest -s test/token.sol -cnames token -j
This repository was proposed in the ISSTA'23 paper, and we would really appreciate your citation if this repo helps you.
@inproceedings{yang2023definition,
title={Definition and Detection of Defects in NFT Smart Contracts},
author={Yang, Shuo and Chen, Jiachi and Zheng, Zibin},
booktitle={Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis},
pages={373--384},
year={2023}
}
Copyright © 2024 Shuo Yang.
This project is Apache licensed.